GitHub will now alert you of security flaws in your project dependencies

If you’re working with dependencies on your GitHub-hosted projects, you’ll be happy to know that the repo platform will now alert you about vulnerabilities in things like React, so you’re aware of security flaws that might harm your site or app.

The company says its new feature will also point you to fixes suggested by the GitHub community, so you can sort out these issues and keep your project running smoothly.

It’s currently supported only for JavaScript and Ruby, and GitHub promises to add Python support next year.

To turn it on, you’ll need to enable your dependency graph (it’s automatically turned on in public repositories) by opting in through the repo settings, or by going to the Insights tab and granting access there.

That’s good news for folks who want to keep their projects in top shape, but can’t yet afford or be bothered with third-party security tools like Gemnasium or Snyk (whose plans start at $50 and $99 a month, respectively).